Another MyBlogLog exploit?

This didn’t make much sense, so I put it through my “DaveN English into American English” decoder ring, and it came out as “In MyBlogLog (MBL), it’s too easy to take ownership of unclaimed blogs.” Read this article on Google Tutor for a better explanation.

My reaction? Meh. Cause the joke is on you, Google Tutor. When you claimed authorship of my blog community on MyBlogLog, it wasn’t me who owned it in the first place. Someone else signed up and claimed to be me, so this 100+ person community isn’t mine! 🙂 That’s right, you just claimed a community that someone else faked. Who’s laughing now, eh? 🙂

Truthfully, this doesn’t bother me that much. MyBlogLog was clearly shooting to get big quickly, so it seems like they skimped on some of the authentication stuff in order to be lighter weight and get more sign-ups quickly. Technorati, Yahoo’s Site Explorer and the Google webmaster console make you do more work to sign up (by adding a few bits on your blog or site), but the result is that you can trust the authentication more. So it was a design choice on MyBlogLog’s part to go for easy sign-up traction and less authentication. And it worked, because Yahoo bought them. I don’t begrudge MBL that. But I also wouldn’t use the same password on MBL as I would on my bank site. 🙂

P.S. I can’t do a post on MyBlogLog holes without mentioning Shoemoney’s from a few weeks ago.
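The heavier sign-up check described above (publish a few service-issued bits on your own site before a claim is accepted), as an added example that is not part of the original post and is not MyBlogLog's, Technorati's, Yahoo's or Google's code. The meta tag name, the secret, and the account and site names are constructed assumptions.

```python
import hashlib
import hmac
from html.parser import HTMLParser

SERVER_SECRET = b"constructed-demo-secret"  # assumption: per-service secret
META_NAME = "site-verification"             # assumption: hypothetical tag name


def claim_token(account_id: str, site: str) -> str:
    """Token bound to one account and one site; useless for any other pair."""
    msg = f"{account_id}\n{site.lower()}".encode()
    return hmac.new(SERVER_SECRET, msg, hashlib.sha256).hexdigest()[:32]


class MetaCollector(HTMLParser):
    """Collect tokens from <meta> tags in the first <head> only, so a tag
    pasted into a comment or post body cannot satisfy the check."""

    def __init__(self):
        super().__init__()
        self.state = 0  # 0 = before <head>, 1 = inside it, 2 = after it
        self.tokens = []

    def handle_starttag(self, tag, attrs):
        if tag == "head" and self.state == 0:
            self.state = 1
        elif tag == "body":
            self.state = 2  # a missing </head> must not widen the scope
        elif tag == "meta" and self.state == 1:
            a = dict(attrs)
            if (a.get("name") or "").lower() == META_NAME and a.get("content"):
                self.tokens.append(a["content"].strip())

    def handle_endtag(self, tag):
        if tag == "head":
            self.state = 2


def verify_claim(account_id: str, site: str, homepage_html: str) -> bool:
    """Accept a claim only if the fetched homepage publishes this account's token."""
    expected = claim_token(account_id, site).encode()
    parser = MetaCollector()
    parser.feed(homepage_html)
    return any(hmac.compare_digest(t.encode(), expected) for t in parser.tokens)


# Constructed sample pages: the owner's head tag, and a tag injected via a comment.
OWNER_PAGE = ('<html><head><meta name="site-verification" content="%s"></head>'
              '<body>hello</body></html>' % claim_token("alice", "blog.example"))
COMMENT_PAGE = ('<html><head><title>t</title></head><body><head><meta '
                'name="site-verification" content="%s"></head></body></html>'
                % claim_token("mallory", "blog.example"))
```

Because the token is derived from both the account and the site, a second account cannot reuse the owner's published tag, and an unverified claim can be displaced by whoever passes the check.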

It wouldn’t hurt for the Googles, Yahoo!s, Technoratis and other big content aggregators on the Web to agree on an authentication standard so we don’t have to clutter our hard drives and files with meta-mash just to prove who we are to every service that comes along.

Matt, we spoke at SES in London. I also spoke to Dan Crowe, who mentioned that redirecting ccTLDs onto .com sites would retain rank in country-filtered searches for those ccTLDs. He said he would confirm this and respond to me via email. I am still awaiting his response. Would you mind forwarding him a gentle reminder 🙂

I’m still laughing! You are not giving me enough credit, I called the Matt blog I claimed as a poser in the original post! I do wish it was yours though 😉

I don’t see this as all that big a deal either really, but they need to clamp down on this stuff soon. If I can find a hole anyone can…you know like someone that writes very popular but difficult to read blog posts? Heh.

Jenstar, yup, there are only a few of them. I’ll loan you mine before Seodays starts so that the audience can understand him. The secret is that DaveN skips every third word when he talks, and then substitutes “yeah?” half of the time for the skipped words. 😉

Matt — you hit the nail on the head; it’s lighter weight for our users to sign up without having to verify that they own the blog. However, we’ve known that certain practices that work early on will not work as we get bigger, so we’re talking about setting up an optional verification process. The big challenge is really how to allow someone to take over an unverified blog and gracefully communicate to all parties what has transpired. Cheers!

>> I don’t get the whole goofy faces looking out from the sidebar thing.

That’s exactly what makes MBL half as appealing as it is. Instead of the cheap words and outrageous claims that accompany most of those underlined blue words around the web, MBL appears to attach a face to a site (read: credibility).

Of course, that’s undermined to some degree by all the idiots who put pics of hot models and porn stars on their profile instead of their own.

I do not see a big future for MyBlogLog; it was like a new toy for bloggers, and we have played enough with it.

The biggest concern is privacy. MyBlogLog and Google both have one issue, privacy: Google keeps it to itself, MyBlogLog shows it to the world. I had made a few simple tools to check these manipulations some months back.

I am working on a bigger thing for consolidating daily blog knowledge. I wish I could write more about it; keep watching my blog :).

LMAO Matt, where did you get your “DaveN English into American English” decoder ring? I could’ve definitely used one of those decoder rings with a beer accent adjustment knob in Chicago when Dave was slurring away inches in front of me.

Hey, meanwhile, there are e-mail spammers in the world generating bizarro-world subject lines in homage to you!

From my e-mail today:

03/15/07 03:53 pm Sophia Vasquez For those of you who don’t know, Matt is a Google guy guru, he is employed by Google but writes an independent blog and shares information related to Google and search engine optimization. 23KB

IncrediBILL, they’re quite rare and expensive, because they have to store “yeah” and “yer” in DaveN and be able to translate that into 15,000 phrases. 😉

vivekkedia, I was taking care of some stuff at work. I just posted basically all day today though. And now I’m going to get out and actually get some exercise. Duke lost in the first round of the NCAA, so I’m going to go shoot some hoops to commemorate the occasion. 🙂

Aaah well, Matt, I am from India and have little knowledge about Duke or the NCAA, though I surely know that India is not doing well in the currently ongoing Cricket World Cup http://en.wikipedia.org/wiki/2007_Cricket_World_Cup 🙁 Matt, you know what, the cricket fans in India are so paranoid that they are attacking homes of the losing players back in India 🙁

Did you know the previous owner of this community before Google Tutor was a big fan of Shoemoney? It could actually have looked like a social network doorway page, if such a concept exists.

What was your opinion about the FUD regarding MBL tracking Adsense being a problem? I have seen reports from at least one person that the Adsense team are OK with it, though there seems to be a situation where MBL is detecting more clicks than are being reported in the Adsense backend.

Would you also link to a site discussing ways to mess around with Adsense?

Considering Google’s resources you could make things a little tighter, such as unique pub IDs generated per domain.

I must agree with Andy. Even big companies like Google have security issues (google “google account hijacking” for an example). And guess what Google asked the bug hunters the last time an exploit was disclosed? “Please contact us immediately when you find a vulnerability, don’t publish it on the web before we fix it”. Isn’t that ironic?